Field of the Disclosure
Examples of the present disclosure are related to systems and methods for tamper-resistant verification of firmware with a trusted platform module, wherein a field programmable gate array (FPGA) with an internal secret key is positioned between general system logic, platform firmware storage, and a trusted platform module (TPM).
Background
In computing, booting or booting up refers to the initialization of a computerized system, such as a computer or computer appliance, and may involve software, firmware, etc. When booting, firmware may be used to perform hardware initialization and to provide services for operating systems and programs. This firmware may initialize and test the system's hardware components. Because the firmware initializes and tests the system's hardware components, it is desirable to verify the boot process while still allowing modification of the firmware by an authorized party.
Existing solutions to verify the boot process rely on a Trusted Platform Module (TPM) used in conjunction with an external Core Root of Trust for Measurement (CRTM), which is typically implemented as a software or firmware block executing on the platform CPU or a coprocessor. Typically, the CRTM firmware is stored on the same storage device as the firmware that it will verify. As a result of the placement of these elements, an unauthorized party with physical access to the storage device can alter the CRTM. Altering the CRTM may cause the CRTM to falsely validate unauthorized code. Furthermore, unauthorized hardware or software may intercept and/or provide signals to the TPM that mimic an authorized boot sequence. These flaws have required the TPM and CRTM, along with the general-purpose computing platform serviced by these two components, to be positioned in highly secured physical environments, which negates the benefits of the TPM.
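The two flaws described above (a CRTM that shares storage with the firmware it measures, and unauthenticated signals reaching the TPM) are easiest to see in a small simulation. The following Python model is an added illustration, not code from the disclosure or from any TPM vendor: it implements TPM-style PCR extension, compares an honest CRTM with one altered on the shared storage device, and then models a separate measuring component that reads firmware directly from storage and authenticates its measurement report with an internal key. The `IndependentMeasurer` and `KeyedVerifier` classes, the HMAC-tagged report format, and the firmware images are all constructed assumptions for the example; real TPMs use their own authorization-session mechanisms rather than this simplified tag.

```python
import hashlib
import hmac
import os

# Constructed sample images standing in for platform firmware on the storage device.
GOOD_FIRMWARE = b"platform-firmware-v1: init DRAM, init PCIe, hand off to OS loader"
MODIFIED_FIRMWARE = b"platform-firmware-v1: init DRAM, patch loader, init PCIe, hand off"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || measurement). Order-dependent, one-way."""
    return sha256(pcr + measurement)


PCR_INITIAL = bytes(32)
# Golden PCR0 that a verifier provisions for the authorized firmware image.
EXPECTED_PCR0 = pcr_extend(PCR_INITIAL, sha256(GOOD_FIRMWARE))


def honest_crtm(firmware_on_storage: bytes) -> bytes:
    """CRTM that hashes what it is about to run and extends PCR0 with that digest."""
    return pcr_extend(PCR_INITIAL, sha256(firmware_on_storage))


def tampered_crtm(firmware_on_storage: bytes) -> bytes:
    """CRTM altered on the shared storage device: it extends a stored golden digest
    regardless of the firmware actually present, so PCR0 'validates' any image.
    This is the false-validation failure described in the text, modelled in one line."""
    return pcr_extend(PCR_INITIAL, sha256(GOOD_FIRMWARE))


def verifier_accepts(pcr0: bytes) -> bool:
    """Plain PCR comparison, the check a remote attester or sealed key would rely on."""
    return hmac.compare_digest(pcr0, EXPECTED_PCR0)


class IndependentMeasurer:
    """Hypothetical component (an assumption for this example) that sits between the
    CPU, the firmware storage and the TPM, reads the firmware itself, and holds a
    secret key that CPU-resident code never sees."""

    def __init__(self, key: bytes):
        self._key = key

    def measure(self, firmware_on_storage: bytes):
        digest = sha256(firmware_on_storage)
        tag = hmac.new(self._key, digest, hashlib.sha256).digest()
        return digest, tag


class KeyedVerifier:
    """Models the TPM-side endpoint: PCR0 is only extended from reports whose tag
    verifies under the shared key, so a report forged by software without the key
    (the 'mimicked boot sequence' in the text) is ignored."""

    def __init__(self, key: bytes):
        self._key = key
        self.pcr0 = PCR_INITIAL

    def accept_report(self, digest: bytes, tag: bytes) -> bool:
        expected = hmac.new(self._key, digest, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        self.pcr0 = pcr_extend(self.pcr0, digest)
        return True


def run_scenarios() -> dict:
    """Returns outcome of each scenario so the behaviour can be checked, not just printed."""
    key = os.urandom(32)  # generated inside the measurer in a real design
    results = {
        "honest_crtm_good_image": verifier_accepts(honest_crtm(GOOD_FIRMWARE)),
        "honest_crtm_modified_image": verifier_accepts(honest_crtm(MODIFIED_FIRMWARE)),
        "tampered_crtm_modified_image": verifier_accepts(tampered_crtm(MODIFIED_FIRMWARE)),
    }
    # Keyed path: a genuine report from the independent measurer is accepted...
    measurer, tpm_side = IndependentMeasurer(key), KeyedVerifier(key)
    digest, tag = measurer.measure(MODIFIED_FIRMWARE)
    results["keyed_genuine_report_accepted"] = tpm_side.accept_report(digest, tag)
    # ...and it reflects the modified image, so the golden comparison still fails.
    results["keyed_modified_image_matches_golden"] = verifier_accepts(tpm_side.pcr0)
    # Software that lacks the key cannot get a golden digest extended.
    forger = KeyedVerifier(key)
    forged_tag = hmac.new(b"guess", sha256(GOOD_FIRMWARE), hashlib.sha256).digest()
    results["keyed_forged_report_accepted"] = forger.accept_report(sha256(GOOD_FIRMWARE), forged_tag)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

Running the module shows the honest CRTM rejecting the modified image, the tampered CRTM accepting it, and the keyed path accepting only reports the measurer itself produced; the PCR it builds from those reports still fails the golden comparison for the modified image, which is the property the plain-CRTM arrangement cannot guarantee once the CRTM shares storage with the firmware.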
Alternatively, manufacturers may permanently build the CRTM into a chip via a mask ROM. This prevents extending and/or subverting the functionality of the CRTM, but relies on there being no bugs or other issues in the on-die CRTM firmware. If there are exploits, bugs, or other issues in the CRTM firmware, the computer is rendered permanently insecure.
Other manufacturers require a fixed signing key to load the CRTM firmware and/or the firmware that initializes the computer. However, this does not allow owner or owner-authorized modifications of the initializing firmware without direct vendor intervention, prevents the machine owner from fixing known bugs without direct vendor cooperation, and creates an insecure back door that can be used by any party knowing the fixed signing keys.
Accordingly, a need exists for more effective and efficient systems and methods for tamper-resistant verification of firmware with a trusted platform module.